Alberta Personal Information Protection Act (AB PIPA)

Overview

The Alberta Personal Information Protection Act (PIPA), effective since January 1, 2004, regulates the way private sector organizations in Alberta collect, use, and disclose personal information. The Act aims to protect individual privacy while recognizing the needs of organizations to collect, use, or disclose personal information for legitimate business purposes. PIPA is applicable to all private organizations, including those involved in commercial activities within the province.

Regulation Summary

  • May 2003: PIPA received Royal Assent.
  • January 1, 2004: PIPA became effective.

  • Private sector organizations operating in Alberta.
  • Non-profits engaging in commercial activities.
  • Organizations managing personal information within Alberta, regardless of their location.

  • Public Bodies: Governed by Alberta’s Freedom of Information and Protection of Privacy Act (FOIP).
  • Personal Use: Personal data collected for personal or domestic purposes.
  • Employee Information: Exemptions for employee data directly related to employment.

  • Accountability: Designate a privacy officer to ensure compliance.
  • Consent: Obtain informed consent before collecting, using, or disclosing personal data.
  • Purpose Limitation: Use data only for specified purposes.
  • Transparency: Provide clear privacy policies to individuals.
  • Data Security: Protect personal information against unauthorized access or misuse.

  • Cookie Use: Notify users about cookies and obtain consent where required.
  • Privacy Policies: Display comprehensive privacy policies.
  • Access Requests: Respond to access and correction requests within 30 days.

  • Retention and Disposal: Retain personal data only as long as necessary and dispose of it securely.
  • Cross-Border Transfers: Ensure adequate protection for data transferred outside Canada.
  • Breach Notification: Notify affected individuals and Alberta’s Office of the Information and Privacy Commissioner (OIPC) in case of significant breaches.

  • Access: Request access to personal information.
  • Correction: Request correction of inaccuracies.
  • Withdrawal of Consent: Revoke consent for future data use.
  • Complaints: File complaints with the OIPC regarding data mishandling.

  • Overseen by the Office of the Information and Privacy Commissioner (OIPC).
  • Powers include investigations, audits, and enforcement orders.
  • Penalties: Fines of up to CAD $10,000 for individuals (approximately $7,400) and CAD $100,000 for organizations (approximately $74,000) for non-compliance.